{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/mingsoft/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["SSRF","mingSoft","CVE-2026-4953"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA server-side request forgery (SSRF) vulnerability has been identified in mingSoft MCMS version 5.5.0. The vulnerability resides within the \u003ccode\u003ecatchImage\u003c/code\u003e function in the \u003ccode\u003enet/mingsoft/cms/action/BaseAction.java\u003c/code\u003e file, specifically affecting the Editor Endpoint component. Attackers can remotely exploit this vulnerability by manipulating the \u003ccode\u003ecatchimage\u003c/code\u003e argument. Publicly available exploits exist, increasing the risk of exploitation. Successful exploitation could allow an attacker to probe…\u003c/p\u003e\n","date_modified":"2026-03-27T15:17:02Z","date_published":"2026-03-27T15:17:02Z","id":"/briefs/2026-03-mingsoft-ssrf/","summary":"A server-side request forgery (SSRF) vulnerability (CVE-2026-4953) exists in mingSoft MCMS version 5.5.0, allowing remote attackers to manipulate the 'catchimage' argument in the catchImage function to potentially access or interact with internal resources.","title":"mingSoft MCMS Server-Side Request Forgery Vulnerability (CVE-2026-4953)","url":"https://feed.craftedsignal.io/briefs/2026-03-mingsoft-ssrf/"}],"language":"en","title":"CraftedSignal Threat Feed — MingSoft","version":"https://jsonfeed.org/version/1.1"}